diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-12-02 18:22:55 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-12-02 18:22:55 -0600 |
commit | 43180e9c49b913b5c6361822d839d51074890c20 (patch) | |
tree | 1c2cd1f72884070c969ea9590953ee42ddfdfb4c | |
parent | 5245206c6a7aad728f905a5a4cc5bfae03edfefc (diff) | |
download | pfsense-43180e9c49b913b5c6361822d839d51074890c20.zip pfsense-43180e9c49b913b5c6361822d839d51074890c20.tar.gz |
Sanitize the session_id/logout_id in captive portal.
-rw-r--r-- | etc/inc/captiveportal.inc | 1 | ||||
-rw-r--r-- | usr/local/captiveportal/index.php | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 8e20ceb..0145962 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -915,6 +915,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutReason = "LOGOUT") { global $g, $config; + $sessionid = SQLite3::escapeString($sessionid); $radiusservers = captiveportal_get_radius_servers(); /* read database */ diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index a8b3842..eaaf920 100644 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -137,7 +137,9 @@ setTimeout('window.close();',5000) ; </html> EOD; - captiveportal_disconnect_client($_POST['logout_id']); + + $safe_logout_id = SQLite3::escapeString($_POST['logout_id']); + captiveportal_disconnect_client($safe_logout_id); } else if ($macfilter && $clientmac && captiveportal_blocked_mac($clientmac)) { captiveportal_logportalauth($clientmac,$clientmac,$clientip,"Blocked MAC address"); |